;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015, 2016, 2018 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2016, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2019 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
-;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2017 Nils Gillmann <ng0@n0.is>
+;;; Copyright © 2017 ng0 <ng0@n0.is>
;;; Copyright © 2018 Manuel Graf <graf@init.at>
+;;; Copyright © 2019 Gábor Boskovits <boskovits@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (gnu packages)
#:use-module (gnu packages autotools)
#:use-module (gnu packages base)
- #:autoload (gnu packages boost) (boost)
+ #:use-module (gnu packages boost)
#:use-module (gnu packages compression)
#:use-module (gnu packages crypto)
#:use-module (gnu packages elf)
#:use-module (gnu packages gperf)
#:use-module (gnu packages groff)
#:use-module (gnu packages guile)
+ #:use-module (gnu packages libedit)
#:use-module (gnu packages linux)
#:use-module (gnu packages logging)
#:use-module (gnu packages m4)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages popt)
- #:autoload (gnu packages protobuf) (protobuf)
+ #:use-module (gnu packages protobuf)
#:use-module (gnu packages python)
+ #:use-module (gnu packages python-xyz)
#:use-module (gnu packages readline)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages tls)
#:use-module (guix git-download)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
+ #:use-module (guix utils)
#:use-module (srfi srfi-1))
(define-public libssh
(package
(name "libssh")
- (version "0.7.7")
+ (version "0.9.3")
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://git.libssh.org/projects/libssh.git")
(commit (string-append "libssh-" version))))
- (patches (search-patches "libssh-hostname-parser-bug.patch"))
(sha256
(base32
- "07adxvhmnaq2l7sq7sn4sjlikbm1zdicq8lavq5yfila6jbx9z1y"))
+ "175i3xybg69d5lb078334v6dd3njm743kww8f67ix9w33969rmzf"))
(file-name (git-file-name name version))))
(build-system cmake-build-system)
(outputs '("out" "debug"))
(define-public libssh2
(package
(name "libssh2")
- (version "1.8.0")
+ (version "1.9.0")
(source (origin
(method url-fetch)
(uri (string-append
version ".tar.gz"))
(sha256
(base32
- "1m3n8spv79qhjq4yi0wgly5s5rc8783jb1pyra9bkx1md0plxwrr"))
- (patches
- (search-patches "libssh2-fix-build-failure-with-gcrypt.patch"))))
+ "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym"))))
(build-system gnu-build-system)
;; The installed libssh2.pc file does not include paths to libgcrypt and
;; zlib libraries, so we need to propagate the inputs.
(propagated-inputs `(("libgcrypt" ,libgcrypt)
("zlib" ,zlib)))
- (arguments `(#:configure-flags `("--with-libgcrypt")
- #:phases (modify-phases %standard-phases
- (replace 'bootstrap
- (lambda _
- (invoke "autoreconf" "-v"))))))
- (native-inputs `(("autoconf" ,autoconf)
- ("automake" ,automake)))
+ (arguments `(#:configure-flags `("--with-libgcrypt")))
(synopsis "Client-side C library implementing the SSH2 protocol")
(description
"libssh2 is a library intended to allow software developers access to
into an application to perform many different tasks when communicating with
a server that supports the SSH-2 protocol.")
(license license:bsd-3)
- (home-page "http://www.libssh2.org/")))
+ (home-page "https://www.libssh2.org/")))
(define-public openssh
(package
(name "openssh")
- (version "7.9p1")
+ (version "8.0p1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://openbsd/OpenSSH/portable/"
name "-" version ".tar.gz"))
(sha256
(base32
- "1b8sy6v0b8v4ggmknwcqx3y1rjcpsll0f1f8f4vyv11x4ni3njvb"))))
+ "0s7xh4s0qcipnjh9ls5blxcpvhyd116z9dxn3q1yi64lwrwki55x"))))
(build-system gnu-build-system)
- (native-inputs `(("groff" ,groff)))
- (inputs `(("openssl" ,openssl)
+ (native-inputs `(("groff" ,groff)
+ ("pkg-config" ,pkg-config)))
+ (inputs `(("libedit" ,libedit)
+ ("openssl" ,openssl)
("pam" ,linux-pam)
("mit-krb5" ,mit-krb5)
("zlib" ,zlib)
(assoc-ref %build-inputs "mit-krb5")
"/bin")
+ ;; libedit needed for sftp completion
+ "--with-libedit"
+
;; Enable PAM support in sshd.
"--with-pam")
(version "0.11.3")
(home-page "https://github.com/artyom-poptsov/guile-ssh")
(source (origin
- ;; ftp://memory-heap.org/software/guile-ssh/guile-ssh-VERSION.tar.gz
- ;; exists, but the server appears to be too slow and unreliable.
- ;; Also, using this URL allows the GitHub updater to work.
- (method url-fetch)
- (uri (string-append home-page "/archive/v"
- version ".tar.gz"))
+ (method git-fetch)
+ (uri (git-reference
+ (url home-page)
+ (commit (string-append "v" version))))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "1g2jzcg1p25zrkx06j160qb8bgcwa3001ys4q02496xs61pvywqk"))))
+ "03bv3hwp2s8f0bqgfjaan9jx4dyab0abv27n2zn2g0izlidv0vl6"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; libssh >= 0.8.0 no longer provides libssh_threads: see
+ ;; <https://github.com/artyom-poptsov/guile-ssh/issues/9>.
+ (substitute* "libguile-ssh/Makefile.am"
+ (("-lssh_threads") ""))
+
+ ;; This test would wrongfully pick DSS keys when running on
+ ;; libssh >= 0.8.0, which fails:
+ ;; <https://github.com/artyom-poptsov/guile-ssh/issues/10>.
+ (substitute* "tests/server.scm"
+ (("= %libssh-minor-version 7")
+ ">= %libssh-minor-version 7"))
+
+ ;; Allow builds with Guile 3.0.
+ (substitute* "configure.ac"
+ (("^GUILE_PKG.*$")
+ "GUILE_PKG([3.0 2.2 2.0])\n"))
+ #t))))
(build-system gnu-build-system)
(outputs '("out" "debug"))
(arguments
#:configure-flags '("--disable-static")
#:phases (modify-phases %standard-phases
- (add-after 'unpack 'autoreconf
- (lambda* (#:key inputs #:allow-other-keys)
- (invoke "autoreconf" "-vfi")))
(add-before 'build 'fix-libguile-ssh-file-name
(lambda* (#:key outputs #:allow-other-keys)
;; Build and install libguile-ssh.so so that we can use
libssh library.")
(license license:gpl3+)))
-(define-public guile2.2-ssh
- (deprecated-package "guile2.2-ssh" guile-ssh))
-
(define-public guile2.0-ssh
(package
(inherit guile-ssh)
(inputs `(("guile" ,guile-2.0)
,@(alist-delete "guile" (package-inputs guile-ssh))))))
+(define-public guile3.0-ssh
+ (package
+ (inherit guile-ssh)
+ (name "guile3.0-ssh")
+ (arguments
+ (substitute-keyword-arguments (package-arguments guile-ssh)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (add-before 'bootstrap 'delete-old-guile-m4
+ (lambda _
+ ;; The old 'guile.m4' that's shipped would fail to recognize
+ ;; Guile 2.9 as "3.0".
+ (delete-file "m4/guile.m4")
+ #t))
+ (add-before 'build 'adjust-for-guile3
+ (lambda _
+ ;; Adjust for things that are deprecated in 2.2 and removed in
+ ;; 3.0.
+ (substitute* "tests/common.scm"
+ (("define-module \\(tests common\\)")
+ "define-module (tests common)
+ #:use-module (ice-9 threads)\n"))
+ (substitute* "modules/ssh/tunnel.scm"
+ (("define-module \\(ssh tunnel\\)")
+ "define-module (ssh tunnel)
+ #:use-module (ice-9 threads)"))
+ (substitute* "modules/srfi/srfi-64.upstream.scm"
+ (("_IOLBF")
+ "'line"))
+ #t))))))
+ (inputs `(("guile" ,guile-next)
+ ,@(alist-delete "guile" (package-inputs guile-ssh))))))
+
(define-public corkscrew
(package
(name "corkscrew")
(version "3.1.0")
(source
(origin
- (method url-fetch)
- (uri (string-append
- "https://github.com/MisterTea/EternalTCP/archive/et-v"
- version ".tar.gz"))
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/MisterTea/EternalTCP.git")
+ (commit (string-append "et-v" version))))
+ (file-name (git-file-name name version))
(sha256
- (base32 "1n2w2kqbshdmbb0gz4yizyw9gqfls6qm2dnwx1d9c2hz7hmi7521"))))
+ (base32 "1m5caxckn2ihwp9s2pbyh5amxlpwr7yc54q8s0kb10fr52w2vfnm"))))
(build-system cmake-build-system)
(arguments `(#:tests? #f))
(native-inputs
(define-public dropbear
(package
(name "dropbear")
- (version "2018.76")
- (source (origin
- (method url-fetch)
- (uri (string-append
- "https://matt.ucc.asn.au/" name "/releases/"
- name "-" version ".tar.bz2"))
- (patches (search-patches "dropbear-CVE-2018-15599.patch"))
- (sha256
- (base32
- "0rgavbzw7jrs5wslxm0dnwx2m409yzxd9hazd92r7kx8xikr3yzj"))))
+ (version "2019.78")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://matt.ucc.asn.au/dropbear/releases/"
+ "dropbear-" version ".tar.bz2"))
+ (sha256
+ (base32 "19242qlr40pbqfqd0gg6h8qpj38q6lgv03ja6sahj9vj2abnanaj"))))
(build-system gnu-build-system)
- (arguments `(#:tests? #f)) ; there is no "make check" or anything similar
+ (arguments `(#:tests? #f)) ; there is no "make check" or anything similar
+ ;; TODO: Investigate unbundling libtommath and libtomcrypt or at least
+ ;; cherry-picking important bug fixes from them. See <bugs.gnu.org/24674>
+ ;; for more information.
(inputs `(("zlib" ,zlib)))
(synopsis "Small SSH server and client")
(description "Dropbear is a relatively small SSH server and
;; Tests rely on $USER being set.
(setenv "USER" "guix"))))))
- (home-page "http://www.lysator.liu.se/~nisse/lsh/")
+ (home-page "https://www.lysator.liu.se/~nisse/lsh/")
(synopsis "GNU implementation of the Secure Shell (ssh) protocols")
(description
"GNU lsh is a free implementation of the SSH version 2 protocol. It is
(define-public autossh
(package
(name "autossh")
- (version "1.4f")
+ (version "1.4g")
(source
(origin
(method url-fetch)
(uri (string-append
- "http://www.harding.motd.ca/autossh/autossh-"
+ "https://www.harding.motd.ca/autossh/autossh-"
version ".tgz"))
(sha256
- (base32 "1wpqwa2872nqgqbhnb6nnkrlzpdawd5k69gh1qp68354pvhyawh1"))))
+ (base32 "0xqjw8df68f4kzkns5gcah61s5wk0m44qdk2z1d6388w6viwxhsz"))))
(build-system gnu-build-system)
(arguments `(#:tests? #f)) ; There is no "make check" or anything similar
(inputs `(("openssh" ,openssh)))
(synopsis "Automatically restart SSH sessions and tunnels")
(description "autossh is a program to start a copy of @command{ssh} and
monitor it, restarting it as necessary should it die or stop passing traffic.")
- (home-page "http://www.harding.motd.ca/autossh/")
+ (home-page "https://www.harding.motd.ca/autossh/")
(license
;; Why point to a source file? Well, all the individual files have a
;; copy of this license in their headers, but there's no separate file
(define-public pdsh
(package
(name "pdsh")
- (version "2.33")
+ (version "2.34")
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/chaos/pdsh/"
"releases/download/pdsh-" version
"/pdsh-" version ".tar.gz"))
- (file-name (string-append name "-" version ".tar.gz"))
(sha256
- (base32 "0bwlkl9inj66iwvafg00pi3sk9n673phdi0kcc59y9nn55s0hs3k"))))
+ (base32 "1s91hmhrz7rfb6h3l5k97s393rcm1ww3svp8dx5z8vkkc933wyxl"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(define-public clustershell
(package
(name "clustershell")
- (version "1.8")
+ (version "1.8.3")
(source
(origin
(method url-fetch)
- (uri (string-append "https://github.com/cea-hpc/clustershell/archive/v"
- version
- ".tar.gz"))
+ (uri (string-append "https://github.com/cea-hpc/clustershell/releases"
+ "/download/v" version
+ "/ClusterShell-" version ".tar.gz"))
(sha256
- (base32 "1qyf6zp5ikk8rk7zvx5ssbgr9si2bqv3a3415590kd07s7i16nmd"))
- (file-name (string-append name "-" version ".tar.gz"))))
+ (base32 "1qdcgh733szwj9r1gambrgfkizvbjci0bnnkds9a8mnyb3sasnan"))))
(build-system python-build-system)
(inputs `(("openssh" ,openssh)))
(propagated-inputs `(("python-pyyaml" ,python-pyyaml)))
identical outputs, or retrieving return codes. ClusterShell takes advantage
of existing remote shell facilities such as SSH.")
(license license:lgpl2.1+)))
+
+(define-public endlessh
+ (package
+ (name "endlessh")
+ (version "1.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/skeeto/endlessh/releases/"
+ "download/" version "/endlessh-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0hhsr65hzrcb7ylskmxyr92svzndhks8hqzn8hvg7f7j89rkvq5k"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
+ "CC=gcc")
+ #:tests? #f ; no test target
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure)))) ; no configure script
+ (home-page "https://github.com/skeeto/endlessh")
+ (synopsis "SSH tarpit that slowly sends an endless banner")
+ (description
+ "Endlessh is an SSH tarpit that very slowly sends an endless, random SSH
+banner. It keeps SSH clients locked up for hours or even days at a time. The
+purpose is to put your real SSH server on another port and then let the script
+kiddies get stuck in this tarpit instead of bothering a real server.
+
+Since the tarpit is in the banner before any cryptographic exchange occurs, this
+program doesn't depend on any cryptographic libraries. It's a simple,
+single-threaded, standalone C program. It uses @code{poll()} to trap multiple
+clients at a time.")
+ (license license:unlicense)))